package com.think.web;

import java.beans.PropertyEditorSupport;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Date;

import javax.servlet.http.HttpServletRequest;

import org.joda.time.DateTime;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.util.HtmlUtils;

import com.google.common.base.Strings;

/**
 * @ClassName: BaseController
 * @Description: 控制器支持基类. <br/>
 * @author Dzy yndxc@163.com
 * @date 2015年8月12日
 */
@SuppressWarnings("all")
public abstract class BaseController {
	/**
	 * 使用的编码格式
	 */
	public static final Charset ECODEING = Charset.forName("UTF-8");
	
	/**
	 * 返回码，用于ajax返回json
	 */
	public static final String RETURN_CODE = "RETURN_CODE";
	
	/**
	 * 消息标识，用于ajax返回json
	 */
	public static final String RETUFN_MSG = "RETUFN_MSG";
	
	/**
	 * 数据标识，用于ajax返回json数据
	 */
	public static final String DATA = "data";
	
	/**
	 * 数据标识，用于返回分页对象
	 */
	public static final String PAGE = "page";
	
	/**
	 * 初始化数据绑定
	 * 1. 将所有传递进来的String进行HTML编码，防止XSS攻击
	 * 2. 将字段中Date类型转换为String类型
	 */
	@InitBinder
	protected void initBinder(WebDataBinder binder) {
		// String类型转换，将所有传递进来的String进行HTML编码，防止XSS攻击
		binder.registerCustomEditor(String.class, new PropertyEditorSupport() {
			@Override
			public void setAsText(String text) {
				if(Strings.isNullOrEmpty(text)){
					text =  HtmlUtils.htmlEscape(text.trim());//html标签转义
					text = escapeSql(text); //sql转义
				}
				setValue(text);
			}
			@Override
			public String getAsText() {
				Object value = getValue();
				if(value == null){
					return "";
				}
				String text =  HtmlUtils.htmlUnescape(value.toString().trim());//html标签转义
				//text =  JavaScriptUtils.javaScriptEscape(text);//js转义
				text = escapeSql(text); //sql转义
				return text;
			}
		});
		// Date 类型转换
		binder.registerCustomEditor(Date.class, new PropertyEditorSupport() {
			@Override
			public void setAsText(String text) {
				setValue(DateTime.parse(text));
			}
		});
	}
	
   public String escapeSql(String str){
        if(str == null)
            return null;
        else
            return StringUtils.replace(str, "'", "''");
   }
   
   /*** 
    * Get request query string, form method : post 
    *  
    * @param request 
    * @return byte[] 
    * @throws IOException 
    */  
   public static byte[] getRequestPostBytes(HttpServletRequest request)  
           throws IOException {  
       int contentLength = request.getContentLength();  
       /*当无请求参数时，request.getContentLength()返回-1 */  
       if(contentLength<0){  
           return null;  
       }  
       byte buffer[] = new byte[contentLength];  
       for (int i = 0; i < contentLength;) {  
 
           int readlen = request.getInputStream().read(buffer, i,  
                   contentLength - i);  
           if (readlen == -1) {  
               break;  
           }  
           i += readlen;  
       }  
       return buffer;  
   }  
 
   /*** 
    * Get request query string, form method : post 
    *  
    * @param request 
    * @return 
    * @throws IOException 
    */  
   public static String getRequestPostStr(HttpServletRequest request)  
           throws IOException {  
       byte buffer[] = getRequestPostBytes(request);  
       String charEncoding = request.getCharacterEncoding();  
       if (charEncoding == null) {  
           return  new String(buffer, ECODEING);  
       }  
       return new String(buffer, charEncoding);  
   }  
}
